joomla error-based sql injection

All posts tagged joomla error-based sql injection

Good Evening Friends. Today we will see how to exploit the “Joomla Error-Based SQL Injection” vulnerability found recently to enumerate usernames and password hashes found in remote servers where Joomla is installed. This vulnerability is found in Joomla versions 3.2 to 3.4.4. Now let’s see how to use this exploit to enumerate usernames and password hashes. This exploit is available in Metasploit. I am testing this exploit on Joomla version 3.4.4.

joomla error-based sql injection0

Start Metasploit and load the exploit as shown below.

joomla error-based sql injection1

Set the required options as shown below and type command “exploit”. After some time, a text file containing usernames and password hashes is downloaded and stored in your system as shown below.

joomla error-based sql injection3

Now open the text file with any text editor available in kali Linux. I have used gedit.

joomla3

This is the text file we have downloaded. As you can see below, we can see usernames and password hashes of the joomla installation.

joomla error-based sql injection4